Award-winning news, views, and insight from the ESET security community

12 tree-mendous security tips for Christmas

’Tis the season to be jolly, but Christmas is also a happy time of year for cybercriminals looking for their own gifts. We look at what you can do to ensure it’s only Santa that is allowed to bypass your security.

The festive season is now in full swing. The tree is up, the decorations are done and some of the presents are even ready to be wrapped. Perhaps you’ve already bought whiskey and carrots for Santa and his reindeer. Not a bad effort, we’re sure you’ll agree. For others, the story is the exact opposite: no presents, no decorations, no yuletide joy. Bah humbug!

Whether you’re prepared for Christmas or not, there’s something everyone should be aware of – the importance of cybersecurity. The last thing anyone wants is to be compromised over the festive period. We’ve had a word with one of Santa’s little cyber helpers and the result is this guide: 12 top tips for staying secure this Christmas.

Research, research, research

At Christmas, you should research what you’re buying, not only to get the best price, but also to ensure that you get the right product, that it will get delivered on time and that it is as it was advertised.

By doing this, you also reduce the chance of fraudsters taking your money and running with their fly-by-night websites, and of criminals trying to steal your banking details via phishing emails and fake websites.

Ask yourself: Do you trust the seller?

You need to be sure you know who you are dealing with online. Do you know the ecommerce site, the retail store or sales provider? Do you trust them with your money, and that they will deliver the goods?

If not, this unreliable ‘vendor’ may be trying to steal your money and bank details through duplicitous scams, preying on your good intentions and eagerness to secure a nice but affordable gift at Christmas.

If you’re in any doubt, click away from the site and search through a respected search engine. You can use certificates or another authenticity checker to establish whether the seller is who they say they are. If you’re buying from sellers on Amazon and eBay, check their rating and see what users say about them.

Be careful with social media ‘deals’

You must always be wary of deals that look too good to be true, especially if promoted on unknown websites, via email or on social media. Be vigilant and look for indicators of authority. For example, on Twitter, verified accounts come with a blue badge that has a white tick. This is a pretty reliable indicator that a brand or individual is as they say they are.

Cybercriminals often use social media to lure victims into making snap decisions with attractive offers that are hard to resist (again, more so during the festive season). These offers are typically delivered through a shortened URL, which can then redirect the visitor to a malware-infested site or a spoofed page designed to steal their details.

Secure your payments

We simply cannot say this enough: every time you visit an online retailer, you should look for the padlock symbol and the ‘s’ at the end of http in the URL address bar. These are strong indicators of a secure webpage from a reliable brand.

What does this mean? In short, the page is end-to-end encrypted, so the web session can’t be intercepted in a man-in-the-middle attack (easily achievable if you’ve left your Wi-Fi wide open). Your information will only go to the provider.

Check payment storage details

Some websites ask if you want to store your payment details, while others will require you to actively opt out of doing this. This is convenient, but dangerous if that site becomes compromised.

Think carefully about whether or not you want to save these details. Assess the way you shop online. Ask whether you prefer to make purchases at home or if you are happy to pick up a few things at work. Your nationality, interestingly, might be an influential factor here.

Monitor your bank transactions

Be sure to keep an eye on your bank statements. Be on the lookout for small, “under the radar” payments or possible overpayments that could indicate that your credit card has been compromised.

Stop credit card payments immediately if you see something suspicious – it could be a cybercriminal … or an over-spending family member!

Don’t offer cybercriminals a ‘Wi-Fi Christmas’

Secure Wi-Fi is absolutely vital for your privacy, especially when shopping online. It’s potentially one of the major security flaws going, as a lot of people are unaware of how our desire for convenience can leave us vulnerable to cybercrime.

If possible, avoid using free, open and unsecured Wi-Fi hotspots when it comes to shopping online. Instead, consider your home the ideal destination for web retail: a nearby coffee shop might provide you with welcome relief after your shopping marathon, but it will do little to protect you from fraud.

Approach ‘season’s greetings’ spam emails with caution

Of late, there’s been a trend for sending Christmas e-cards – electronic cards with some text, video and effects – as opposed to real ones. This is no surprise: we spend so much time on our mobile devices that traditional cards, while nice, can seem like a relic from the past. The only downside is that these can be hijacked by cybercriminals.

Attackers will often send out ‘season’s greetings’ spam emails, with the attached file or link usually malicious. UK shoppers in particular should be careful, as they are extremely likely to be hit with spam of this ilk. If you are at all uncertain, either delete the email or contact the sender using a connection (like their phone number) you can trust.

Check your holiday details

Christmas is a great time to get away, be that to a sunny resort or skiing vacation. However, it is worth checking you’re getting a good deal as these breaks can be sold by fraudulent outfits. Not only is there a huge financial cost – UK holidaymakers were conned out of £2.2 million in 2014 alone – but an emotional one too.

As such, whether you’re planning to get away at Christmas or in the New Year, make sure the holiday or flight is genuine by spending a lot of time researching (see point one). Also, check online travel agents for an ABTA/ATOL number.

Be wary of suspicious web links

Another popular scam at this time of year falls under what is known as Black Hat Search Engine Optimisation (BHSEO) which, simply put, redirects searches on shopping-related keywords to malicious websites that try to infect users with rogue anti-virus and other malware.

As ESET’s senior research fellow David Harley once remarked: “Scams related to Christmas-shopping are becoming more sophisticated every year. Once any of these data fall into the hands of cybercriminals, they can be used to purchase real or bogus items, and generate a nice little profit.”

Delete ‘invoice’ spam

Another rather simple, yet powerful attack from cybercriminals sees them send out emails with the headline “shipping information” or “sales invoices”, usually in the hope that an exhausted Christmas shopper will think they’ve simply overlooked a payment.

However, these emails can contain an infected file or link, so the usual rules apply: be cautious, patient and make enquiries. Trust your instinct if you have any semblance of concern.

Install security software on new tech

This Christmas will see millions of presents given and received worldwide, and you can expect that many of these will be new technology – new iPads, iPhones and smartwatches.

But once the Christmas rush is over, make sure you install relevant security software on any new technology you or your children get before you hand over the device. This will give you plenty of control and put your mind at ease when your kids are out of sight.

Do all of the above and you should enjoy a very merry Christmas indeed!